When you review the information in the Alarm Details or Event Details, you can easily launch an action to forward the associated domain information to Cisco Umbrella. If you want to apply an action to similar items that occur in the future, you can also create an orchestration rule directly from the alarmAlarms provide notification of an event or sequence of events that require attention or investigation. or eventAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall..
To launch a Cisco Umbrella orchestration action for an alarm or event
- Go to Activity > Alarms or Activity > Events.
- Click the alarm or event to open the details.
-
Click Select Action.
-
In the Select Action dialog box, select the Cisco Umbrella tile.
This displays the options for the selected response app. It automatically sets the App Action to Report names found on an alarm.
-
If you have more than one sensor installed, select the sensor where the AlienApp for Cisco Umbrella is enabled.
-
Click Run.
After USM Anywhere initiates the action, it displays a confirmation dialog box.
If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar alarms or Create rule for similar events and define the new rule. If not, click OK.